
Commit 86f3b95

authored
Merge pull request #34 from ChuWeiChang/address-memory-leak-of-ifr-and-rt
Resolve buffer overflow
2 parents 26c912e + 0000c75 commit 86f3b95


1 file changed

+13
-38
lines changed


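--- a/src/net-slirp.c
+++ b/src/net-slirp.c
@@ -25,6 +25,8 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <limits.h>
+#include <net/if.h>
+#include <net/route.h>
 #include <poll.h>
 #include <pthread.h>
 #include <stdio.h>
@@ -1037,18 +1039,9 @@ int kbox_net_configure(const struct kbox_sysnrs *sysnrs)
 return -1;
 }
 
-struct {
-char ifr_name[16];
-union {
-short ifr_flags;
-struct {
-unsigned short sin_family;
-unsigned short sin_port;
-unsigned int sin_addr;
-char sin_zero[8];
-} ifr_addr;
-};
-} ifr;
+_Static_assert(sizeof(struct ifreq) == 40,
+"struct ifreq must be 40 bytes (64-bit Linux ABI)");
+struct ifreq ifr;
 memset(&ifr, 0, sizeof(ifr));
 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "eth%d", lkl_netdev_id);
 
@@ -1064,8 +1057,9 @@ int kbox_net_configure(const struct kbox_sysnrs *sysnrs)
 
 /* 2. Set IP address via SIOCSIFADDR. */
 memset(&ifr.ifr_addr, 0, sizeof(ifr.ifr_addr));
-ifr.ifr_addr.sin_family = AF_INET;
-inet_pton(AF_INET, GUEST_IP_STR, &ifr.ifr_addr.sin_addr);
+struct sockaddr_in *addr = (struct sockaddr_in *) &ifr.ifr_addr;
+addr->sin_family = AF_INET;
+inet_pton(AF_INET, GUEST_IP_STR, &addr->sin_addr);
 ret =
 lkl_syscall6(LKL_NR_IOCTL, sock, LKL_SIOCSIFADDR, (long) &ifr, 0, 0, 0);
 if (ret < 0) {
@@ -1076,8 +1070,8 @@ int kbox_net_configure(const struct kbox_sysnrs *sysnrs)
 
 /* 3. Set netmask via SIOCSIFNETMASK. */
 memset(&ifr.ifr_addr, 0, sizeof(ifr.ifr_addr));
-ifr.ifr_addr.sin_family = AF_INET;
-inet_pton(AF_INET, "255.255.255.0", &ifr.ifr_addr.sin_addr);
+addr->sin_family = AF_INET;
+inet_pton(AF_INET, "255.255.255.0", &addr->sin_addr);
 ret = lkl_syscall6(LKL_NR_IOCTL, sock, LKL_SIOCSIFNETMASK, (long) &ifr, 0,
 0, 0);
 if (ret < 0) {
@@ -1093,28 +1087,9 @@ int kbox_net_configure(const struct kbox_sysnrs *sysnrs)
 __atomic_store_n(&net_ready, 1, __ATOMIC_RELEASE);
 
 /* 4. Set default gateway via SIOCADDRT. */
-struct {
-unsigned long rt_pad1;
-struct {
-unsigned short sa_family;
-char sa_data[14];
-} rt_dst;
-struct {
-unsigned short sa_family;
-char sa_data[14];
-} rt_gateway;
-struct {
-unsigned short sa_family;
-char sa_data[14];
-} rt_genmask;
-unsigned short rt_flags;
-short rt_pad2;
-unsigned long rt_pad3;
-void *rt_pad4;
-short rt_metric;
-char *rt_dev;
-unsigned long rt_mtu;
-} rt;
+_Static_assert(sizeof(struct rtentry) == 120,
+"struct rtentry must be 40 bytes (kernel ABI)");
+struct rtentry rt;
 memset(&rt, 0, sizeof(rt));
 rt.rt_dst.sa_family = AF_INET;
 rt.rt_genmask.sa_family = AF_INET;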
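Review bot: The diagnostic on the new `_Static_assert(sizeof(struct rtentry) == 120, ...)` says the struct "must be 40 bytes" while the condition checks 120, so a failed build would report the wrong expected size; the string should read `"struct rtentry must be 120 bytes (64-bit Linux ABI)"`. Both assertions also pin only the total size of the host libc's `struct ifreq` and `struct rtentry`, which does not show that the member offsets match what the LKL kernel reads through `lkl_syscall6`; if the project's LKL headers export their own definitions of these structures, using those would presumably be the more direct guarantee. Assuming the overflow named in the commit title came from the old local structs being smaller than what the kernel copies, a comment above each assertion such as `/* The kernel copies a full-sized struct through this pointer; the size must match its ABI. */` would record why the check exists. `kbox_net_configure` begins and ends outside the visible hunks.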
